To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: fdcc60f52841 - stable/15 - pf: fix duplicate rule detection for automatic tables
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: fdcc60f52841708efda2582b2492b0a460496fcc
Date: Sun, 26 Apr 2026 10:12:28 +0000
Message-Id: <69ede50c.3aa72.6b8824da@gitrepo.freebsd.org>

The branch stable/15 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=fdcc60f52841708efda2582b2492b0a460496fcc

commit fdcc60f52841708efda2582b2492b0a460496fcc
Author:     Kristof Provost
AuthorDate: 2026-04-09 16:11:41 +0000
Commit:     Kristof Provost
CommitDate: 2026-04-26 10:11:30 +0000

    pf: fix duplicate rule detection for automatic tables

    We should look at the table name for automatic tables as well. These are
    different tables, so the rules using them are (or can be) different as
    well.

    MFC after:      3 days
    Reported by:    Michael Sinatra
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

    (cherry picked from commit fb838352751767e756bd45cd2040fa464ed4de20)
---
 sys/netpfil/pf/pf_ioctl.c          |  4 +---
 tests/sys/netpfil/pf/pass_block.sh | 42 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index e4f52931e713..46197a97dae4 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1345,9 +1345,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.iflags); break; case PF_ADDR_TABLE: - if (strncmp(pfr->addr.v.tblname, PF_OPTIMIZER_TABLE_PFX, - strlen(PF_OPTIMIZER_TABLE_PFX))) - PF_MD5_UPD(pfr, addr.v.tblname); + PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: case PF_ADDR_RANGE: diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index f6d973de7cf4..a5cd04f1db22 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -488,6 +488,47 @@ addr_range_cleanup() pft_cleanup } +atf_test_case "auto_tables" "cleanup" +auto_tables_head() +{ + atf_set descr 'Test rulesets with different automatic tables' + atf_set require.user root +} + +auto_tables_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "set ruleset-optimization basic" \ + "test_a = \"203.0.113.1 203.0.113.2 203.0.113.3 203.0.113.4 + 203.0.113.5 203.0.113.6 203.0.113.7 203.0.113.8 203.0.113.9 + 203.0.113.10\"" \ + "test_b = \"192.0.2.1 192.0.2.2 192.0.2.3 192.0.2.4 192.0.2.5 + 192.0.2.6 192.0.2.7 192.0.2.8 192.0.2.9 192.0.2.10\"" \ + "block" \ + "pass inet from any to { \$test_a }" \ + "pass inet from 198.51.100.1 to 198.51.100.2 no state" \ + "pass inet from any to { \$test_b }" + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +} + +auto_tables_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "enable_disable" @@ -500,4 +541,5 @@ atf_init_test_cases() atf_add_test_case "optimize_any" atf_add_test_case "any_if" atf_add_test_case "addr_range" + atf_add_test_case "auto_tables" }
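
Review bot: Missing comment in the PF_ADDR_TABLE case of pf_hash_rule_addr() in sys/netpfil/pf/pf_ioctl.c: with the PF_OPTIMIZER_TABLE_PFX exception gone, nothing in the code records why automatic table names must feed the rule hash. A one-line comment there, along the lines of the commit message (automatic tables are different tables, so rules using them can differ), would keep the exclusion from being reintroduced later. It is also worth confirming that the generated table names stay the same when an unchanged ruleset is reloaded, since a name that changes between loads would make otherwise identical rules hash differently.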
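
Review bot: auto_tables_body() in tests/sys/netpfil/pf/pass_block.sh does not say what its ruleset is built to trigger: in the pft_set_rules call, the reason test_a and test_b each hold ten addresses, and the reason the unrelated "no state" rule sits between the two pass rules, are left for the reader to infer. A short comment above the call would help. The only assertion after loading the rules is the final ping to 192.0.2.1, so a regression shows up as a failed ping; an additional check on the loaded ruleset in the jail (for example on the output of pfctl -sr) would make a failure point at the missing "pass inet from any to { $test_b }" rule directly.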